PE (Portable Executable) Features
| PE (Portable Executable) Features |
|---|
| Ability to identify and mark suspicious/important strings |
| Automated Tagging (signatures, behavior patterns, similarity search) |
| Calculate .NET GUIDs (Module Version/TypeLib Id) |
| Calculate Authentihash / verify Authenticode signatures |
| Calculate entropy of resources |
| Calculate hashes and entropy of sections/resources |
| Calculate SSDEEP and Imphash |
| Decompile Java and .NET files |
| Detect cryptographic constants |
| Detect packers , compilers, anomalies, IOCs, and alternative IOCs |
| Disassemble PE files |
| Extract embedded files (including PE files), resources, and certificates |
| Extract strings from files |
| Integrate with other open source intelligence vendors (e.g., VirusTotal) |
| Malware family detection based on MISP Galaxy keywords |
| Map IOCs to previously detected threats (prevalence search) |
| Map UUIDs to known associated files/meta-data |
| MITRE ATT&CK framework |
| ML-based similarity search (300+ features) |
| Parse PDB information |
| Parse PE compiler metadata (RICH headers) |
| Parse SFX installer metadata |
| Parse SFX installer metadata |
| Support certificate whitelisting |
| Support custom hash whitelisting |
| Support integrated whitelists |
| Support national software reference library (NSRL) |
| Unpacking efforts for packed samples |
| Verify certificates (revocation status, validity, expiration) |
| YARA rules |
Was this page helpful?